vboot/secdata: rename secdata and secdatak

For clarity's sake, rename: secdata -> secdata_firmware secdatak -> secdata_kernel secdata is now the general term to refer to any secure data spaces: firmware, kernel, and FWMP. Once coreboot code has been updated, the sections in 2api.h and 2constants.h may be removed. BUG=b:124141368, chromium:972956 TEST=make clean && make runtests BRANCH=none Change-Id: I376acee552e8be37c75c340626a95462f81e198b Signed-off-by: Joel Kitching <kitching@google.com> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/1773079 Reviewed-by: Joel Kitching <kitching@chromium.org> Commit-Queue: Joel Kitching <kitching@chromium.org> Tested-by: Joel Kitching <kitching@chromium.org>
author: Joel Kitching <kitching@google.com> 2019-08-27 17:13:55 +0800
committer: Commit Bot <commit-bot@chromium.org> 2019-08-31 20:49:16 +0000
commit: fbde3aa0af045021c2bfd315ad59f10aab2543fc (patch)
tree: abe4d0373a2a2b596f247a946aee5be51664ca0f /firmware
parent: f4a9bfb303b034639469f1f1fcf18d61357bd4fe (diff)
download: vboot-fbde3aa0af045021c2bfd315ad59f10aab2543fc.tar.gz
18 files changed, 459 insertions, 411 deletions
diff --git a/firmware/2lib/2api.c b/firmware/2lib/2api.c
index e6ed5eb0..e93894d7 100644
--- a/firmware/2lib/2api.c
+++ b/firmware/2lib/2api.c
@@ -57,10 +57,10 @@ vb2_error_t vb2api_fw_phase1(struct vb2_context *ctx)
 		return VB2_ERROR_API_PHASE1_SECDATA_REBOOT;
 	}
 
-	/* Initialize secure data */
-	rv = vb2_secdata_init(ctx);
+	/* Initialize firmware secure data */
+	rv = vb2_secdata_firmware_init(ctx);
 	if (rv)
-		vb2_fail(ctx, VB2_RECOVERY_SECDATA_INIT, rv);
+		vb2_fail(ctx, VB2_RECOVERY_SECDATA_FIRMWARE_INIT, rv);
 
 	/* Load and parse the GBB header */
 	rv = vb2_fw_parse_gbb(ctx);
diff --git a/firmware/2lib/2misc.c b/firmware/2lib/2misc.c
index 28ca3689..98b5c33a 100644
--- a/firmware/2lib/2misc.c
+++ b/firmware/2lib/2misc.c
@@ -245,7 +245,7 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx)
 	vb2_error_t rv;
 
 	/* Read secure flags */
-	rv = vb2_secdata_get(ctx, VB2_SECDATA_FLAGS, &flags);
+	rv = vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_FLAGS, &flags);
 	if (rv) {
 		if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
 			/*
@@ -265,7 +265,7 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx)
 
 	/* Handle dev disable request */
 	if (use_secdata && vb2_nv_get(ctx, VB2_NV_DISABLE_DEV_REQUEST)) {
-		flags &= ~VB2_SECDATA_FLAG_DEV_MODE;
+		flags &= ~VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE;
 
 		/* Clear the request */
 		vb2_nv_set(ctx, VB2_NV_DISABLE_DEV_REQUEST, 0);
@@ -276,10 +276,10 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx)
 	 * that hardware switch and GBB flag will take precedence over this.
 	 */
 	if (ctx->flags & VB2_CONTEXT_DISABLE_DEVELOPER_MODE)
-		flags &= ~VB2_SECDATA_FLAG_DEV_MODE;
+		flags &= ~VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE;
 
 	/* Check virtual dev switch */
-	if (flags & VB2_SECDATA_FLAG_DEV_MODE)
+	if (flags & VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE)
 		is_dev = 1;
 
 	/* Check if GBB is forcing dev mode */
@@ -292,10 +292,10 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx)
 		sd->flags |= VB2_SD_FLAG_DEV_MODE_ENABLED;
 		ctx->flags |= VB2_CONTEXT_DEVELOPER_MODE;
 
-		flags |= VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER;
+		flags |= VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER;
 	} else {
 		/* Normal mode */
-		flags &= ~VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER;
+		flags &= ~VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER;
 
 		/*
 		 * Disable dev_boot_* flags.  This ensures they will be
@@ -338,7 +338,8 @@ vb2_error_t vb2_check_dev_switch(struct vb2_context *ctx)
 			}
 
 			/* Save new flags */
-			rv = vb2_secdata_set(ctx, VB2_SECDATA_FLAGS, flags);
+			rv = vb2_secdata_firmware_set(
+				ctx, VB2_SECDATA_FIRMWARE_FLAGS, flags);
 			if (rv)
 				return rv;
 		}
diff --git a/firmware/2lib/2secdata.c b/firmware/2lib/2secdata.c
deleted file mode 100644
index 4493fbf3..00000000
--- a/firmware/2lib/2secdata.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Secure storage APIs
- */
-
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2crc8.h"
-#include "2misc.h"
-#include "2secdata.h"
-
-vb2_error_t vb2api_secdata_check(struct vb2_context *ctx)
-{
-	struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata;
-
-	/* Verify CRC */
-	if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata, crc8))) {
-		VB2_DEBUG("secdata_firmware: bad CRC\n");
-		return VB2_ERROR_SECDATA_CRC;
-	}
-
-	/* Verify version */
-	if (sec->struct_version < VB2_SECDATA_VERSION) {
-		VB2_DEBUG("secdata_firmware: version incompatible\n");
-		return VB2_ERROR_SECDATA_VERSION;
-	}
-
-	return VB2_SUCCESS;
-}
-
-vb2_error_t vb2api_secdata_create(struct vb2_context *ctx)
-{
-	struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata;
-
-	/* Clear the entire struct */
-	memset(sec, 0, sizeof(*sec));
-
-	/* Set to current version */
-	sec->struct_version = VB2_SECDATA_VERSION;
-
-	/* Calculate initial CRC */
-	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata, crc8));
-	ctx->flags |= VB2_CONTEXT_SECDATA_CHANGED;
-	return VB2_SUCCESS;
-}
-
-vb2_error_t vb2_secdata_init(struct vb2_context *ctx)
-{
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-	vb2_error_t rv;
-
-	rv = vb2api_secdata_check(ctx);
-	if (rv)
-		return rv;
-
-	/* Set status flag */
-	sd->status |= VB2_SD_STATUS_SECDATA_INIT;
-
-	/* Read this now to make sure crossystem has it even in rec mode. */
-	rv = vb2_secdata_get(ctx, VB2_SECDATA_VERSIONS,
-			     &sd->fw_version_secdata);
-	if (rv)
-		return rv;
-
-	return VB2_SUCCESS;
-}
-
-vb2_error_t vb2_secdata_get(struct vb2_context *ctx,
-			    enum vb2_secdata_param param, uint32_t *dest)
-{
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-	struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata;
-
-	if (!(sd->status & VB2_SD_STATUS_SECDATA_INIT))
-		return VB2_ERROR_SECDATA_GET_UNINITIALIZED;
-
-	switch(param) {
-	case VB2_SECDATA_FLAGS:
-		*dest = sec->flags;
-		return VB2_SUCCESS;
-
-	case VB2_SECDATA_VERSIONS:
-		*dest = sec->fw_versions;
-		return VB2_SUCCESS;
-
-	default:
-		return VB2_ERROR_SECDATA_GET_PARAM;
-	}
-}
-
-vb2_error_t vb2_secdata_set(struct vb2_context *ctx,
-			    enum vb2_secdata_param param, uint32_t value)
-{
-	struct vb2_secdata *sec = (struct vb2_secdata *)ctx->secdata;
-	uint32_t now;
-
-	if (!(vb2_get_sd(ctx)->status & VB2_SD_STATUS_SECDATA_INIT))
-		return VB2_ERROR_SECDATA_SET_UNINITIALIZED;
-
-	/* If not changing the value, don't regenerate the CRC. */
-	if (vb2_secdata_get(ctx, param, &now) == VB2_SUCCESS && now == value)
-		return VB2_SUCCESS;
-
-	switch(param) {
-	case VB2_SECDATA_FLAGS:
-		/* Make sure flags is in valid range */
-		if (value > 0xff)
-			return VB2_ERROR_SECDATA_SET_FLAGS;
-
-		VB2_DEBUG("secdata flags updated from 0x%x to 0x%x\n",
-			  sec->flags, value);
-		sec->flags = value;
-		break;
-
-	case VB2_SECDATA_VERSIONS:
-		VB2_DEBUG("secdata versions updated from 0x%x to 0x%x\n",
-			  sec->fw_versions, value);
-		sec->fw_versions = value;
-		break;
-
-	default:
-		return VB2_ERROR_SECDATA_SET_PARAM;
-	}
-
-	/* Regenerate CRC */
-	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata, crc8));
-	ctx->flags |= VB2_CONTEXT_SECDATA_CHANGED;
-	return VB2_SUCCESS;
-}
diff --git a/firmware/2lib/2secdata_firmware.c b/firmware/2lib/2secdata_firmware.c
new file mode 100644
index 00000000..1ce5b29b
--- /dev/null
+++ b/firmware/2lib/2secdata_firmware.c
@@ -0,0 +1,143 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Secure storage APIs
+ */
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2crc8.h"
+#include "2misc.h"
+#include "2secdata.h"
+
+vb2_error_t vb2api_secdata_firmware_check(struct vb2_context *ctx)
+{
+	struct vb2_secdata_firmware *sec =
+		(struct vb2_secdata_firmware *)ctx->secdata_firmware;
+
+	/* Verify CRC */
+	if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata_firmware,
+						crc8))) {
+		VB2_DEBUG("secdata_firmware: bad CRC\n");
+		return VB2_ERROR_SECDATA_FIRMWARE_CRC;
+	}
+
+	/* Verify version */
+	if (sec->struct_version < VB2_SECDATA_FIRMWARE_VERSION) {
+		VB2_DEBUG("secdata_firmware: version incompatible\n");
+		return VB2_ERROR_SECDATA_FIRMWARE_VERSION;
+	}
+
+	return VB2_SUCCESS;
+}
+
+vb2_error_t vb2api_secdata_firmware_create(struct vb2_context *ctx)
+{
+	struct vb2_secdata_firmware *sec =
+		(struct vb2_secdata_firmware *)ctx->secdata_firmware;
+
+	/* Clear the entire struct */
+	memset(sec, 0, sizeof(*sec));
+
+	/* Set to current version */
+	sec->struct_version = VB2_SECDATA_FIRMWARE_VERSION;
+
+	/* Calculate initial CRC */
+	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_firmware, crc8));
+
+	/* Mark as changed */
+	ctx->flags |= VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED;
+
+	return VB2_SUCCESS;
+}
+
+vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	vb2_error_t rv;
+
+	rv = vb2api_secdata_firmware_check(ctx);
+	if (rv)
+		return rv;
+
+	/* Set status flag */
+	sd->status |= VB2_SD_STATUS_SECDATA_FIRMWARE_INIT;
+
+	/* Read this now to make sure crossystem has it even in rec mode. */
+	rv = vb2_secdata_firmware_get(ctx, VB2_SECDATA_FIRMWARE_VERSIONS,
+				      &sd->fw_version_secdata);
+	if (rv)
+		return rv;
+
+	return VB2_SUCCESS;
+}
+
+vb2_error_t vb2_secdata_firmware_get(struct vb2_context *ctx,
+				     enum vb2_secdata_firmware_param param,
+				     uint32_t *dest)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	struct vb2_secdata_firmware *sec =
+		(struct vb2_secdata_firmware *)ctx->secdata_firmware;
+
+	if (!(sd->status & VB2_SD_STATUS_SECDATA_FIRMWARE_INIT))
+		return VB2_ERROR_SECDATA_FIRMWARE_GET_UNINITIALIZED;
+
+	switch (param) {
+	case VB2_SECDATA_FIRMWARE_FLAGS:
+		*dest = sec->flags;
+		return VB2_SUCCESS;
+
+	case VB2_SECDATA_FIRMWARE_VERSIONS:
+		*dest = sec->fw_versions;
+		return VB2_SUCCESS;
+
+	default:
+		return VB2_ERROR_SECDATA_FIRMWARE_GET_PARAM;
+	}
+}
+
+vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx,
+				     enum vb2_secdata_firmware_param param,
+				     uint32_t value)
+{
+	struct vb2_secdata_firmware *sec =
+		(struct vb2_secdata_firmware *)ctx->secdata_firmware;
+	uint32_t now;
+
+	if (!(vb2_get_sd(ctx)->status & VB2_SD_STATUS_SECDATA_FIRMWARE_INIT))
+		return VB2_ERROR_SECDATA_FIRMWARE_SET_UNINITIALIZED;
+
+	/* If not changing the value, don't regenerate the CRC. */
+	if (vb2_secdata_firmware_get(ctx, param, &now) == VB2_SUCCESS &&
+	    now == value)
+		return VB2_SUCCESS;
+
+	switch (param) {
+	case VB2_SECDATA_FIRMWARE_FLAGS:
+		/* Make sure flags is in valid range */
+		if (value > 0xff)
+			return VB2_ERROR_SECDATA_FIRMWARE_SET_FLAGS;
+
+		VB2_DEBUG("secdata_firmware flags updated from 0x%x to 0x%x\n",
+			  sec->flags, value);
+		sec->flags = value;
+		break;
+
+	case VB2_SECDATA_FIRMWARE_VERSIONS:
+		VB2_DEBUG("secdata_firmware versions updated from "
+			  "0x%x to 0x%x\n",
+			  sec->fw_versions, value);
+		sec->fw_versions = value;
+		break;
+
+	default:
+		return VB2_ERROR_SECDATA_FIRMWARE_SET_PARAM;
+	}
+
+	/* Regenerate CRC */
+	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_firmware, crc8));
+	ctx->flags |= VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED;
+	return VB2_SUCCESS;
+}
diff --git a/firmware/2lib/2secdata_kernel.c b/firmware/2lib/2secdata_kernel.c
new file mode 100644
index 00000000..47c7100f
--- /dev/null
+++ b/firmware/2lib/2secdata_kernel.c
@@ -0,0 +1,132 @@
+/* Copyright 2015 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Secure storage APIs - kernel version space
+ */
+
+#include "2sysincludes.h"
+#include "2common.h"
+#include "2crc8.h"
+#include "2misc.h"
+#include "2secdata.h"
+
+vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx)
+{
+	struct vb2_secdata_kernel *sec =
+		(struct vb2_secdata_kernel *)ctx->secdata_kernel;
+
+	/* Verify CRC */
+	if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdata_kernel,
+						crc8))) {
+		VB2_DEBUG("secdata_kernel: bad CRC\n");
+		return VB2_ERROR_SECDATA_KERNEL_CRC;
+	}
+
+	/* Verify version */
+	if (sec->struct_version < VB2_SECDATA_KERNEL_VERSION) {
+		VB2_DEBUG("secdata_firmware: version incompatible\n");
+		return VB2_ERROR_SECDATA_KERNEL_VERSION;
+	}
+
+	/* Verify UID */
+	if (sec->uid != VB2_SECDATA_KERNEL_UID) {
+		VB2_DEBUG("secdata_kernel: bad UID\n");
+		return VB2_ERROR_SECDATA_KERNEL_UID;
+	}
+
+	return VB2_SUCCESS;
+}
+
+vb2_error_t vb2api_secdata_kernel_create(struct vb2_context *ctx)
+{
+	struct vb2_secdata_kernel *sec =
+		(struct vb2_secdata_kernel *)ctx->secdata_kernel;
+
+	/* Clear the entire struct */
+	memset(sec, 0, sizeof(*sec));
+
+	/* Set to current version */
+	sec->struct_version = VB2_SECDATA_KERNEL_VERSION;
+
+	/* Set UID */
+	sec->uid = VB2_SECDATA_KERNEL_UID;
+
+	/* Calculate initial CRC */
+	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_kernel, crc8));
+
+	/* Mark as changed */
+	ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED;
+
+	return VB2_SUCCESS;
+}
+
+vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	vb2_error_t rv;
+
+	rv = vb2api_secdata_kernel_check(ctx);
+	if (rv)
+		return rv;
+
+	/* Set status flag */
+	sd->status |= VB2_SD_STATUS_SECDATA_KERNEL_INIT;
+
+	return VB2_SUCCESS;
+}
+
+vb2_error_t vb2_secdata_kernel_get(struct vb2_context *ctx,
+				   enum vb2_secdata_kernel_param param,
+				   uint32_t *dest)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	struct vb2_secdata_kernel *sec =
+		(struct vb2_secdata_kernel *)ctx->secdata_kernel;
+
+	if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT))
+		return VB2_ERROR_SECDATA_KERNEL_GET_UNINITIALIZED;
+
+	switch (param) {
+	case VB2_SECDATA_KERNEL_VERSIONS:
+		*dest = sec->kernel_versions;
+		return VB2_SUCCESS;
+
+	default:
+		return VB2_ERROR_SECDATA_KERNEL_GET_PARAM;
+	}
+}
+
+vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx,
+				   enum vb2_secdata_kernel_param param,
+				   uint32_t value)
+{
+	struct vb2_shared_data *sd = vb2_get_sd(ctx);
+	struct vb2_secdata_kernel *sec =
+		(struct vb2_secdata_kernel *)ctx->secdata_kernel;
+	uint32_t now;
+
+	if (!(sd->status & VB2_SD_STATUS_SECDATA_KERNEL_INIT))
+		return VB2_ERROR_SECDATA_KERNEL_SET_UNINITIALIZED;
+
+	/* If not changing the value, don't regenerate the CRC. */
+	if (vb2_secdata_kernel_get(ctx, param, &now) == VB2_SUCCESS &&
+	    now == value)
+		return VB2_SUCCESS;
+
+	switch (param) {
+	case VB2_SECDATA_KERNEL_VERSIONS:
+		VB2_DEBUG("secdata_kernel versions updated from 0x%x to 0x%x\n",
+			  sec->kernel_versions, value);
+		sec->kernel_versions = value;
+		break;
+
+	default:
+		return VB2_ERROR_SECDATA_KERNEL_SET_PARAM;
+	}
+
+	/* Regenerate CRC */
+	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdata_kernel, crc8));
+	ctx->flags |= VB2_CONTEXT_SECDATA_KERNEL_CHANGED;
+	return VB2_SUCCESS;
+}
diff --git a/firmware/2lib/2secdatak.c b/firmware/2lib/2secdatak.c
deleted file mode 100644
index f6bc4c82..00000000
--- a/firmware/2lib/2secdatak.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/* Copyright 2015 The Chromium OS Authors. All rights reserved.
- * Use of this source code is governed by a BSD-style license that can be
- * found in the LICENSE file.
- *
- * Secure storage APIs - kernel version space
- */
-
-#include "2sysincludes.h"
-#include "2common.h"
-#include "2crc8.h"
-#include "2misc.h"
-#include "2secdata.h"
-
-vb2_error_t vb2api_secdatak_check(struct vb2_context *ctx)
-{
-	struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak;
-
-	/* Verify CRC */
-	if (sec->crc8 != vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8))) {
-		VB2_DEBUG("secdata_kernel: bad CRC\n");
-		return VB2_ERROR_SECDATAK_CRC;
-	}
-
-	/* Verify version */
-	if (sec->struct_version < VB2_SECDATAK_VERSION) {
-		VB2_DEBUG("secdata_firmware: version incompatible\n");
-		return VB2_ERROR_SECDATAK_VERSION;
-	}
-
-	/* Verify UID */
-	if (sec->uid != VB2_SECDATAK_UID) {
-		VB2_DEBUG("secdata_kernel: bad UID\n");
-		return VB2_ERROR_SECDATAK_UID;
-	}
-
-	return VB2_SUCCESS;
-}
-
-vb2_error_t vb2api_secdatak_create(struct vb2_context *ctx)
-{
-	struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak;
-
-	/* Clear the entire struct */
-	memset(sec, 0, sizeof(*sec));
-
-	/* Set to current version */
-	sec->struct_version = VB2_SECDATAK_VERSION;
-
-	/* Set UID */
-	sec->uid = VB2_SECDATAK_UID;
-
-	/* Calculate initial CRC */
-	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8));
-	ctx->flags |= VB2_CONTEXT_SECDATAK_CHANGED;
-	return VB2_SUCCESS;
-}
-
-vb2_error_t vb2_secdatak_init(struct vb2_context *ctx)
-{
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-	vb2_error_t rv;
-
-	rv = vb2api_secdatak_check(ctx);
-	if (rv)
-		return rv;
-
-	/* Set status flag */
-	sd->status |= VB2_SD_STATUS_SECDATAK_INIT;
-
-	return VB2_SUCCESS;
-}
-
-vb2_error_t vb2_secdatak_get(struct vb2_context *ctx,
-			     enum vb2_secdatak_param param, uint32_t *dest)
-{
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-	struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak;
-
-	if (!(sd->status & VB2_SD_STATUS_SECDATAK_INIT))
-		return VB2_ERROR_SECDATAK_GET_UNINITIALIZED;
-
-	switch(param) {
-	case VB2_SECDATAK_VERSIONS:
-		*dest = sec->kernel_versions;
-		return VB2_SUCCESS;
-
-	default:
-		return VB2_ERROR_SECDATAK_GET_PARAM;
-	}
-}
-
-vb2_error_t vb2_secdatak_set(struct vb2_context *ctx,
-			     enum vb2_secdatak_param param, uint32_t value)
-{
-	struct vb2_shared_data *sd = vb2_get_sd(ctx);
-	struct vb2_secdatak *sec = (struct vb2_secdatak *)ctx->secdatak;
-	uint32_t now;
-
-	if (!(sd->status & VB2_SD_STATUS_SECDATAK_INIT))
-		return VB2_ERROR_SECDATAK_SET_UNINITIALIZED;
-
-	/* If not changing the value, don't regenerate the CRC. */
-	if (vb2_secdatak_get(ctx, param, &now) == VB2_SUCCESS && now == value)
-		return VB2_SUCCESS;
-
-	switch(param) {
-	case VB2_SECDATAK_VERSIONS:
-		VB2_DEBUG("secdatak versions updated from 0x%x to 0x%x\n",
-			  sec->kernel_versions, value);
-		sec->kernel_versions = value;
-		break;
-
-	default:
-		return VB2_ERROR_SECDATAK_SET_PARAM;
-	}
-
-	/* Regenerate CRC */
-	sec->crc8 = vb2_crc8(sec, offsetof(struct vb2_secdatak, crc8));
-	ctx->flags |= VB2_CONTEXT_SECDATAK_CHANGED;
-	return VB2_SUCCESS;
-}
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index b091731b..9ca01993 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -28,6 +28,14 @@
 #include "2return_codes.h"
 #include "2secdata.h"
 
+/* TODO(chromium:972956): Remove once coreboot is using updated names */
+#define secdata secdata_firmware
+#define secdatak secdata_kernel
+#define vb2api_secdata_check vb2api_secdata_firmware_check
+#define vb2api_secdata_create vb2api_secdata_firmware_create
+#define vb2api_secdatak_check vb2api_secdata_kernel_check
+#define vb2api_secdatak_create vb2api_secdata_kernel_create
+
 /* Modes for vb2ex_tpm_set_mode. */
 enum vb2_tpm_mode {
 	/*
@@ -57,9 +65,12 @@ enum vb2_context_flags {
 	VB2_CONTEXT_NVDATA_CHANGED = (1 << 0),
 
 	/*
-	 * Verified boot has changed secdata[].  Caller must save secdata[]
-	 * back to its underlying storage, then may clear this flag.
+	 * Verified boot has changed secdata_firmware[].  Caller must save
+	 * secdata_firmware[] back to its underlying storage, then may clear
+	 * this flag.
 	 */
+	VB2_CONTEXT_SECDATA_FIRMWARE_CHANGED = (1 << 1),
+	/* TODO: Remove once coreboot has switched over */
 	VB2_CONTEXT_SECDATA_CHANGED = (1 << 1),
 
 	/* Recovery mode is requested this boot */
@@ -96,14 +107,16 @@ enum vb2_context_flags {
 	VB2_CONTEXT_DISABLE_DEVELOPER_MODE = (1 << 9),
 
 	/*
-	 * Verified boot has changed secdatak[].  Caller must save secdatak[]
-	 * back to its underlying storage, then may clear this flag.
+	 * Verified boot has changed secdata_kernel[].  Caller must save
+	 * secdata_kernel[] back to its underlying storage, then may clear
+	 * this flag.
 	 */
-	VB2_CONTEXT_SECDATAK_CHANGED = (1 << 10),
+	VB2_CONTEXT_SECDATA_KERNEL_CHANGED = (1 << 10),
 
 	/*
-	 * Allow kernel verification to roll forward the version in secdatak[].
-	 * Caller may set this flag before calling vb2api_kernel_phase3().
+	 * Allow kernel verification to roll forward the version in
+	 * secdata_kernel[].  Caller may set this flag before calling
+	 * vb2api_kernel_phase3().
 	 */
 	VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD = (1 << 11),
 
@@ -214,7 +227,7 @@ struct vb2_context {
 	 * caller must save the data back to the secure non-volatile location
 	 * and then clear the flag.
 	 */
-	uint8_t secdata[VB2_SECDATA_SIZE];
+	uint8_t secdata_firmware[VB2_SECDATA_FIRMWARE_SIZE];
 
 	/*
 	 * Context pointer for use by caller.  Verified boot never looks at
@@ -243,11 +256,11 @@ struct vb2_context {
 	/*
 	 * Secure data for kernel verification stage.  Caller must fill this
 	 * from some secure non-volatile location.  If the
-	 * VB2_CONTEXT_SECDATAK_CHANGED flag is set when a function returns,
-	 * caller must save the data back to the secure non-volatile location
-	 * and then clear the flag.
+	 * VB2_CONTEXT_SECDATA_KERNEL_CHANGED flag is set when a function
+	 * returns, caller must save the data back to the secure non-volatile
+	 * location and then clear the flag.
 	 */
-	uint8_t secdatak[VB2_SECDATAK_SIZE];
+	uint8_t secdata_kernel[VB2_SECDATA_KERNEL_SIZE];
 };
 
 /* Resource index for vb2ex_read_resource() */
@@ -295,18 +308,18 @@ enum vb2_pcr_digest {
  *
  *	Load nvdata from wherever you keep it.
  *
- *	Load secdata from wherever you keep it.
+ *	Load secdata_firmware from wherever you keep it.
  *
  *      	If it wasn't there at all (for example, this is the first boot
- *		of a new system in the factory), call vb2api_secdata_create()
- *		to initialize the data.
+ *		of a new system in the factory), call
+ *		vb2api_secdata_firmware_create() to initialize the data.
  *
  *		If access to your storage is unreliable (reads/writes may
- *		contain corrupt data), you may call vb2api_secdata_check() to
- *		determine if the data was valid, and retry reading if it
- *		wasn't.  (In that case, you should also read back and check the
- *		data after any time you write it, to make sure it was written
- *		correctly.)
+ *		contain corrupt data), you may call
+ *		vb2api_secdata_firmware_check() to determine if the data was
+ *		valid, and retry reading if it wasn't.  (In that case, you
+ *		should also read back and check the data after any time you
+ *		write it, to make sure it was written correctly.)
  *
  *	Call vb2api_fw_phase1().  At present, this nominally decides whether
  *	recovery mode is needed this boot.
@@ -317,8 +330,8 @@ enum vb2_pcr_digest {
  *	Call vb2api_fw_phase3().  At present, this nominally verifies the
  *	firmware keyblock and preamble.
  *
- *	Lock down wherever you keep secdata.  It should no longer be writable
- *	this boot.
+ *	Lock down wherever you keep secdata_firmware.  It should no longer be
+ *	writable this boot.
  *
  *	Verify the hash of each section of code/data you need to boot the RW
  *	firmware.  For each section:
@@ -342,18 +355,18 @@ enum vb2_pcr_digest {
  * done by the same firmware image, or may be done by the RW firmware.  The
  * recommended order is:
  *
- *	Load secdatak from wherever you keep it.
+ *	Load secdata_kernel from wherever you keep it.
  *
  *      	If it wasn't there at all (for example, this is the first boot
- *		of a new system in the factory), call vb2api_secdatak_create()
- *		to initialize the data.
+ *		of a new system in the factory), call
+ *		vb2api_secdata_kernel_create() to initialize the data.
  *
  *		If access to your storage is unreliable (reads/writes may
- *		contain corrupt data), you may call vb2api_secdatak_check() to
- *		determine if the data was valid, and retry reading if it
- *		wasn't.  (In that case, you should also read back and check the
- *		data after any time you write it, to make sure it was written
- *		correctly.)
+ *		contain corrupt data), you may call
+ *		vb2api_secdata_kernel_check() to determine if the data was
+ *		valid, and retry reading if it wasn't.  (In that case, you
+ *		should also read back and check the data after any time you
+*		write it, to make sure it was written correctly.)
  *
  *	Call vb2api_kernel_phase1().  At present, this decides which key to
  *	use to verify kernel data - the recovery key from the GBB, or the
@@ -387,55 +400,55 @@ enum vb2_pcr_digest {
  *	Call vb2api_kernel_phase3().  This cleans up from kernel verification
  *	and updates the secure data if needed.
  *
- *	Lock down wherever you keep secdatak.  It should no longer be writable
- *	this boot.
+ *	Lock down wherever you keep secdata_kernel.  It should no longer be
+ *	writable this boot.
  */
 
 /**
- * Check the validity of the secure storage context.
+ * Check the validity of the firmware secure storage context.
  *
  * Checks version and CRC.
  *
  * @param ctx		Context pointer
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2api_secdata_check(struct vb2_context *ctx);
+vb2_error_t vb2api_secdata_firmware_check(struct vb2_context *ctx);
 
 /**
- * Create fresh data in the secure storage context.
+ * Create fresh data in the firmware secure storage context.
  *
  * Use this only when initializing the secure storage context on a new machine
- * the first time it boots.  Do NOT simply use this if vb2api_secdata_check()
- * (or any other API in this library) fails; that could allow the secure data
- * to be rolled back to an insecure state.
+ * the first time it boots.  Do NOT simply use this if
+ * vb2api_secdata_firmware_check() (or any other API in this library) fails;
+ * that could allow the secure data to be rolled back to an insecure state.
  *
  * @param ctx		Context pointer
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2api_secdata_create(struct vb2_context *ctx);
+vb2_error_t vb2api_secdata_firmware_create(struct vb2_context *ctx);
 
 /**
- * Check the validity of the kernel version secure storage context.
+ * Check the validity of the kernel secure storage context.
  *
  * Checks version, UID, and CRC.
  *
  * @param ctx		Context pointer
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2api_secdatak_check(struct vb2_context *ctx);
+vb2_error_t vb2api_secdata_kernel_check(struct vb2_context *ctx);
 
 /**
- * Create fresh data in the kernel version secure storage context.
+ * Create fresh data in the kernel secure storage context.
  *
  * Use this only when initializing the secure storage context on a new machine
- * the first time it boots.  Do NOT simply use this if vb2api_secdatak_check()
- * (or any other API in this library) fails; that could allow the secure data
- * to be rolled back to an insecure state.
+ * the first time it boots.  Do NOT simply use this if
+ * vb2api_secdata_kernel_check() (or any other API in this library) fails; that
+ * could allow the secure data to be rolled back to an insecure state.
  *
  * @param ctx		Context pointer
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2api_secdatak_create(struct vb2_context *ctx);
+vb2_error_t vb2api_secdata_kernel_create(struct vb2_context *ctx);
 
 /**
  * Report firmware failure to vboot.
diff --git a/firmware/2lib/include/2constants.h b/firmware/2lib/include/2constants.h
index 4dadd8b6..f8d0d317 100644
--- a/firmware/2lib/include/2constants.h
+++ b/firmware/2lib/include/2constants.h
@@ -22,6 +22,10 @@
 #define VB2_NVDATA_SIZE_V2 64
 
 /* Size of secure data spaces used by vboot */
+#define VB2_SECDATA_FIRMWARE_SIZE 10
+#define VB2_SECDATA_KERNEL_SIZE 13
+
+/* TODO(chromium:972956): Remove once coreboot is using updated names */
 #define VB2_SECDATA_SIZE 10
 #define VB2_SECDATAK_SIZE 13
 
diff --git a/firmware/2lib/include/2recovery_reasons.h b/firmware/2lib/include/2recovery_reasons.h
index 3d1b3cfa..6d9a2727 100644
--- a/firmware/2lib/include/2recovery_reasons.h
+++ b/firmware/2lib/include/2recovery_reasons.h
@@ -117,8 +117,8 @@ enum vb2_nv_recovery {
 	/* New error codes from VB2 */
 	/* TODO: may need to add strings for these in the original fwlib */
 
-	/* Secure data inititalization error */
-	VB2_RECOVERY_SECDATA_INIT = 0x2b,
+	/* Firmware secure data initialization error */
+	VB2_RECOVERY_SECDATA_FIRMWARE_INIT = 0x2b,
 
 	/* GBB header is bad */
 	VB2_RECOVERY_GBB_HEADER = 0x2c,
@@ -210,8 +210,8 @@ enum vb2_nv_recovery {
 	/* New error codes from VB2 */
 	/* TODO: may need to add strings for these in the original fwlib */
 
-	/* Secure data inititalization error */
-	VB2_RECOVERY_SECDATAK_INIT = 0x5d,
+	/* Kernel secure data initialization error */
+	VB2_RECOVERY_SECDATA_KERNEL_INIT = 0x5d,
 
 	/* Fastboot mode requested in firmware */
 	VB2_RECOVERY_DEPRECATED_FW_FASTBOOT     = 0x5e,
diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h
index f12f2c1a..865ea7cf 100644
--- a/firmware/2lib/include/2return_codes.h
+++ b/firmware/2lib/include/2return_codes.h
@@ -152,50 +152,50 @@ enum vb2_return_code {
 	 */
 	VB2_ERROR_SECDATA = VB2_ERROR_BASE + 0x040000,
 
-	/* Bad CRC in vb2api_secdata_check() */
-	VB2_ERROR_SECDATA_CRC,
+	/* Bad CRC in vb2api_secdata_firmware_check() */
+	VB2_ERROR_SECDATA_FIRMWARE_CRC,
 
-	/* Bad struct version in vb2_secdata_check() */
-	VB2_ERROR_SECDATA_VERSION,
+	/* Bad struct version in vb2api_secdata_firmware_check() */
+	VB2_ERROR_SECDATA_FIRMWARE_VERSION,
 
-	/* Invalid param in vb2_secdata_get() */
-	VB2_ERROR_SECDATA_GET_PARAM,
+	/* Invalid param in vb2_secdata_firmware_get() */
+	VB2_ERROR_SECDATA_FIRMWARE_GET_PARAM,
 
-	/* Invalid param in vb2_secdata_set() */
-	VB2_ERROR_SECDATA_SET_PARAM,
+	/* Invalid param in vb2_secdata_firmware_set() */
+	VB2_ERROR_SECDATA_FIRMWARE_SET_PARAM,
 
-	/* Invalid flags passed to vb2_secdata_set() */
-	VB2_ERROR_SECDATA_SET_FLAGS,
+	/* Invalid flags passed to vb2_secdata_firmware_set() */
+	VB2_ERROR_SECDATA_FIRMWARE_SET_FLAGS,
 
-	/* Called vb2_secdata_get() with uninitialized secdata */
-	VB2_ERROR_SECDATA_GET_UNINITIALIZED,
+	/* Called vb2_secdata_firmware_get() with uninitialized secdata */
+	VB2_ERROR_SECDATA_FIRMWARE_GET_UNINITIALIZED,
 
-	/* Called vb2_secdata_set() with uninitialized secdata */
-	VB2_ERROR_SECDATA_SET_UNINITIALIZED,
+	/* Called vb2_secdata_firmware_set() with uninitialized secdata */
+	VB2_ERROR_SECDATA_FIRMWARE_SET_UNINITIALIZED,
 
-	/* Bad CRC in vb2api_secdatak_check() */
-	VB2_ERROR_SECDATAK_CRC,
+	/* Bad CRC in vb2api_secdata_kernel_check() */
+	VB2_ERROR_SECDATA_KERNEL_CRC,
 
-	/* Bad struct version in vb2_secdatak_init() */
-	VB2_ERROR_SECDATAK_VERSION,
+	/* Bad struct version in vb2_secdata_kernel_init() */
+	VB2_ERROR_SECDATA_KERNEL_VERSION,
 
-	/* Bad uid in vb2_secdatak_init() */
-	VB2_ERROR_SECDATAK_UID,
+	/* Bad uid in vb2_secdata_kernel_init() */
+	VB2_ERROR_SECDATA_KERNEL_UID,
 
-	/* Invalid param in vb2_secdatak_get() */
-	VB2_ERROR_SECDATAK_GET_PARAM,
+	/* Invalid param in vb2_secdata_kernel_get() */
+	VB2_ERROR_SECDATA_KERNEL_GET_PARAM,
 
-	/* Invalid param in vb2_secdatak_set() */
-	VB2_ERROR_SECDATAK_SET_PARAM,
+	/* Invalid param in vb2_secdata_kernel_set() */
+	VB2_ERROR_SECDATA_KERNEL_SET_PARAM,
 
-	/* Invalid flags passed to vb2_secdatak_set() */
-	VB2_ERROR_SECDATAK_SET_FLAGS,
+	/* Invalid flags passed to vb2_secdata_kernel_set() */
+	VB2_ERROR_SECDATA_KERNEL_SET_FLAGS,
 
-	/* Called vb2_secdatak_get() with uninitialized secdatak */
-	VB2_ERROR_SECDATAK_GET_UNINITIALIZED,
+	/* Called vb2_secdata_kernel_get() with uninitialized secdata_kernel */
+	VB2_ERROR_SECDATA_KERNEL_GET_UNINITIALIZED,
 
-	/* Called vb2_secdatak_set() with uninitialized secdatak */
-	VB2_ERROR_SECDATAK_SET_UNINITIALIZED,
+	/* Called vb2_secdata_kernel_set() with uninitialized secdata_kernel */
+	VB2_ERROR_SECDATA_KERNEL_SET_UNINITIALIZED,
 
 	/**********************************************************************
 	 * Common code errors
diff --git a/firmware/2lib/include/2secdata.h b/firmware/2lib/include/2secdata.h
index 7acdb610..6931278c 100644
--- a/firmware/2lib/include/2secdata.h
+++ b/firmware/2lib/include/2secdata.h
@@ -15,31 +15,30 @@ typedef uint32_t vb2_error_t;
 /*****************************************************************************/
 /* Firmware version space */
 
-#define VB2_SECDATA_VERSION 2
+#define VB2_SECDATA_FIRMWARE_VERSION 2
 
 /* Flags for firmware space */
-enum vb2_secdata_flags {
+enum vb2_secdata_firmware_flags {
 	/*
 	 * Last boot was developer mode.  TPM ownership is cleared when
 	 * transitioning to/from developer mode.  Set/cleared by
 	 * vb2_check_dev_switch().
 	 */
-	VB2_SECDATA_FLAG_LAST_BOOT_DEVELOPER = (1 << 0),
+	VB2_SECDATA_FIRMWARE_FLAG_LAST_BOOT_DEVELOPER = (1 << 0),
 
 	/*
 	 * Virtual developer mode switch is on.  Set/cleared by the
 	 * keyboard-controlled dev screens in recovery mode.  Cleared by
 	 * vb2_check_dev_switch().
 	 */
-	VB2_SECDATA_FLAG_DEV_MODE = (1 << 1),
+	VB2_SECDATA_FIRMWARE_FLAG_DEV_MODE = (1 << 1),
 };
 
-/* Secure data area (firmware space) */
-struct vb2_secdata {
+struct vb2_secdata_firmware {
 	/* Struct version, for backwards compatibility */
 	uint8_t struct_version;
 
-	/* Flags; see vb2_secdata_flags */
+	/* Flags; see vb2_secdata_firmware_flags */
 	uint8_t flags;
 
 	/* Firmware versions */
@@ -52,23 +51,23 @@ struct vb2_secdata {
 	uint8_t crc8;
 } __attribute__((packed));
 
-/* Which param to get/set for vb2_secdata_get() / vb2_secdata_set() */
-enum vb2_secdata_param {
-	/* Flags; see vb2_secdata_flags */
-	VB2_SECDATA_FLAGS = 0,
+/* Which param to get/set for vb2_secdata_firmware_get/set() */
+enum vb2_secdata_firmware_param {
+	/* Flags; see vb2_secdata_firmware_flags */
+	VB2_SECDATA_FIRMWARE_FLAGS = 0,
 
 	/* Firmware versions */
-	VB2_SECDATA_VERSIONS,
+	VB2_SECDATA_FIRMWARE_VERSIONS,
 };
 
 /*****************************************************************************/
 /* Kernel version space */
 
 /* Kernel space - KERNEL_NV_INDEX, locked with physical presence. */
-#define VB2_SECDATAK_VERSION 2
-#define VB2_SECDATAK_UID 0x4752574c  /* 'GRWL' */
+#define VB2_SECDATA_KERNEL_VERSION 2
+#define VB2_SECDATA_KERNEL_UID 0x4752574c  /* 'GRWL' */
 
-struct vb2_secdatak {
+struct vb2_secdata_kernel {
 	/* Struct version, for backwards compatibility */
 	uint8_t struct_version;
 
@@ -85,84 +84,88 @@ struct vb2_secdatak {
 	uint8_t crc8;
 } __attribute__((packed));
 
-/* Which param to get/set for vb2_secdatak_get() / vb2_secdatak_set() */
-enum vb2_secdatak_param {
+/* Which param to get/set for vb2_secdata_kernel_get/set() */
+enum vb2_secdata_kernel_param {
 	/* Kernel versions */
-	VB2_SECDATAK_VERSIONS = 0,
+	VB2_SECDATA_KERNEL_VERSIONS = 0,
 };
 
 /*****************************************************************************/
-/* Firmware version space functions */
+/* Firmware secure storage space functions */
 
 /**
- * Initialize the secure storage context and verify its CRC.
+ * Initialize firmware secure storage context and verify its CRC.
  *
- * This must be called before vb2_secdata_get() or vb2_secdata_set().
+ * This must be called before vb2_secdata_firmware_get/set().
  *
  * @param ctx		Context pointer
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2_secdata_init(struct vb2_context *ctx);
+vb2_error_t vb2_secdata_firmware_init(struct vb2_context *ctx);
 
 /**
- * Read a secure storage value.
+ * Read a firmware secure storage value.
  *
  * @param ctx		Context pointer
  * @param param		Parameter to read
  * @param dest		Destination for value
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2_secdata_get(struct vb2_context *ctx,
-			    enum vb2_secdata_param param, uint32_t *dest);
+vb2_error_t vb2_secdata_firmware_get(struct vb2_context *ctx,
+				     enum vb2_secdata_firmware_param param,
+				     uint32_t *dest);
 
 /**
- * Write a secure storage value.
+ * Write a firmware secure storage value.
  *
  * @param ctx		Context pointer
  * @param param		Parameter to write
  * @param value		New value
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2_secdata_set(struct vb2_context *ctx,
-			    enum vb2_secdata_param param, uint32_t value);
+vb2_error_t vb2_secdata_firmware_set(struct vb2_context *ctx,
+				     enum vb2_secdata_firmware_param param,
+				     uint32_t value);
 
 /*****************************************************************************/
-/* Kernel version space functions
+/* Kernel secure storage space functions
  *
  * These are separate functions so that they don't bloat the size of the early
  * boot code which uses the firmware version space functions.
  */
 
 /**
- * Initialize the secure storage context and verify its CRC.
+ * Initialize kernel secure storage context and verify its CRC.
  *
- * This must be called before vb2_secdatak_get() or vb2_secdatak_set().
+ * This must be called before vb2_secdata_kernel_get/set().
  *
  * @param ctx		Context pointer
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2_secdatak_init(struct vb2_context *ctx);
+vb2_error_t vb2_secdata_kernel_init(struct vb2_context *ctx);
 
 /**
- * Read a secure storage value.
+ * Read a kernel secure storage value.
  *
  * @param ctx		Context pointer
  * @param param		Parameter to read
  * @param dest		Destination for value
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2_secdatak_get(struct vb2_context *ctx,
-			     enum vb2_secdatak_param param, uint32_t *dest);
+vb2_error_t vb2_secdata_kernel_get(struct vb2_context *ctx,
+				   enum vb2_secdata_kernel_param param,
+				   uint32_t *dest);
 
 /**
- * Write a secure storage value.
+ * Write a kernel secure storage value.
  *
  * @param ctx		Context pointer
  * @param param		Parameter to write
  * @param value		New value
  * @return VB2_SUCCESS, or non-zero error code if error.
  */
-vb2_error_t vb2_secdatak_set(struct vb2_context *ctx,
-			     enum vb2_secdatak_param param, uint32_t value);
+vb2_error_t vb2_secdata_kernel_set(struct vb2_context *ctx,
+				   enum vb2_secdata_kernel_param param,
+				   uint32_t value);
 
 #endif  /* VBOOT_REFERENCE_2SECDATA_H_ */
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 17294ce6..4aff7ca7 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -72,13 +72,13 @@ enum vb2_shared_data_status {
 	VB2_SD_STATUS_NV_INIT = (1 << 1),
 
 	/* Secure data initialized */
-	VB2_SD_STATUS_SECDATA_INIT = (1 << 2),
+	VB2_SD_STATUS_SECDATA_FIRMWARE_INIT = (1 << 2),
 
 	/* Chose a firmware slot */
 	VB2_SD_STATUS_CHOSE_SLOT = (1 << 3),
 
 	/* Secure data kernel version space initialized */
-	VB2_SD_STATUS_SECDATAK_INIT = (1 << 4),
+	VB2_SD_STATUS_SECDATA_KERNEL_INIT = (1 << 4),
 };
 
 /* "V2SD" = vb2_shared_data.magic */
@@ -126,7 +126,7 @@ struct vb2_shared_data {
 	 */
 	uint32_t fw_version;
 
-	/* Version stored in secdata (must be <= fw_version to boot). */
+	/* Version from secdata_firmware (must be <= fw_version to boot). */
 	uint32_t fw_version_secdata;
 
 	/*
@@ -154,8 +154,8 @@ struct vb2_shared_data {
 	 */
 	uint32_t kernel_version;
 
-	/* Kernel version from secdatak (must be <= kernel_version to boot) */
-	uint32_t kernel_version_secdatak;
+	/* Version from secdata_kernel (must be <= kernel_version to boot) */
+	uint32_t kernel_version_secdata;
 
 	/**********************************************************************
 	 * Temporary variables used during firmware verification.  These don't
diff --git a/firmware/lib/rollback_index.c b/firmware/lib/rollback_index.c
index e4493a4a..004d3ba0 100644
--- a/firmware/lib/rollback_index.c
+++ b/firmware/lib/rollback_index.c
@@ -64,16 +64,16 @@ uint32_t ReadSpaceFirmware(RollbackSpaceFirmware *rsf)
 
 	r = TlclRead(FIRMWARE_NV_INDEX, rsf, sizeof(RollbackSpaceFirmware));
 	if (TPM_SUCCESS != r) {
-		VB2_DEBUG("TPM: read secdata returned 0x%x\n", r);
+		VB2_DEBUG("TPM: read secdata_firmware returned 0x%x\n", r);
 		return r;
 	}
-	PRINT_BYTES("TPM: read secdata", rsf);
+	PRINT_BYTES("TPM: read secdata_firmware", rsf);
 
 	if (rsf->struct_version < ROLLBACK_SPACE_FIRMWARE_VERSION)
 		return TPM_E_STRUCT_VERSION;
 
 	if (rsf->crc8 != vb2_crc8(rsf, offsetof(RollbackSpaceFirmware, crc8))) {
-		VB2_DEBUG("TPM: bad secdata CRC\n");
+		VB2_DEBUG("TPM: bad secdata_firmware CRC\n");
 		return TPM_E_CORRUPTED_STATE;
 	}
 
@@ -89,7 +89,7 @@ uint32_t WriteSpaceFirmware(RollbackSpaceFirmware *rsf)
 	PRINT_BYTES("TPM: write secdata", rsf);
 	r = SafeWrite(FIRMWARE_NV_INDEX, rsf, sizeof(RollbackSpaceFirmware));
 	if (TPM_SUCCESS != r) {
-		VB2_DEBUG("TPM: write secdata failure\n");
+		VB2_DEBUG("TPM: write secdata_firmware failure\n");
 		return r;
 	}
 
@@ -146,10 +146,10 @@ uint32_t ReadSpaceKernel(RollbackSpaceKernel *rsk)
 
 	r = TlclRead(KERNEL_NV_INDEX, rsk, sizeof(RollbackSpaceKernel));
 	if (TPM_SUCCESS != r) {
-		VB2_DEBUG("TPM: read secdatak returned 0x%x\n", r);
+		VB2_DEBUG("TPM: read secdata_kernel returned 0x%x\n", r);
 		return r;
 	}
-	PRINT_BYTES("TPM: read secdatak", rsk);
+	PRINT_BYTES("TPM: read secdata_kernel", rsk);
 
 	if (rsk->struct_version < ROLLBACK_SPACE_FIRMWARE_VERSION)
 		return TPM_E_STRUCT_VERSION;
@@ -158,7 +158,7 @@ uint32_t ReadSpaceKernel(RollbackSpaceKernel *rsk)
 		return TPM_E_CORRUPTED_STATE;
 
 	if (rsk->crc8 != vb2_crc8(rsk, offsetof(RollbackSpaceKernel, crc8))) {
-		VB2_DEBUG("TPM: bad secdatak CRC\n");
+		VB2_DEBUG("TPM: bad secdata_kernel CRC\n");
 		return TPM_E_CORRUPTED_STATE;
 	}
 
@@ -171,10 +171,10 @@ uint32_t WriteSpaceKernel(RollbackSpaceKernel *rsk)
 
 	rsk->crc8 = vb2_crc8(rsk, offsetof(RollbackSpaceKernel, crc8));
 
-	PRINT_BYTES("TPM: write secdatak", rsk);
+	PRINT_BYTES("TPM: write secdata_kernel", rsk);
 	r = SafeWrite(KERNEL_NV_INDEX, rsk, sizeof(RollbackSpaceKernel));
 	if (TPM_SUCCESS != r) {
-		VB2_DEBUG("TPM: write secdatak failure\n");
+		VB2_DEBUG("TPM: write secdata_kernel failure\n");
 		return r;
 	}
 
@@ -214,7 +214,7 @@ uint32_t RollbackKernelLock(int recovery_mode)
 	if (TPM_SUCCESS == r)
 		kernel_locked = 1;
 
-	VB2_DEBUG("TPM: lock secdatak returned 0x%x\n", r);
+	VB2_DEBUG("TPM: lock secdata_kernel returned 0x%x\n", r);
 	return r;
 }
 
diff --git a/firmware/lib/vboot_display.c b/firmware/lib/vboot_display.c
index 725e1aaa..9341e1e3 100644
--- a/firmware/lib/vboot_display.c
+++ b/firmware/lib/vboot_display.c
@@ -183,8 +183,8 @@ const char *RecoveryReasonString(uint8_t code)
 		return "EC software sync unable to jump to EC-RW";
 	case VB2_RECOVERY_EC_PROTECT:
 		return "EC software sync protection error";
-	case VB2_RECOVERY_SECDATA_INIT:
-		return "Secure NVRAM (TPM) initialization error";
+	case VB2_RECOVERY_SECDATA_FIRMWARE_INIT:
+		return "Firmware secure NVRAM (TPM) initialization error";
 	case VB2_RECOVERY_GBB_HEADER:
 		return "Error parsing GBB header";
 	case VB2_RECOVERY_TPM_CLEAR_OWNER:
@@ -241,6 +241,8 @@ const char *RecoveryReasonString(uint8_t code)
 		return "No bootable kernel found on disk";
 	case VB2_RECOVERY_RW_BCB_ERROR:
 		return "BCB partition error on disk";
+	case VB2_RECOVERY_SECDATA_KERNEL_INIT:
+		return "Kernel secure NVRAM (TPM) initialization error";
 	case VB2_RECOVERY_RO_TPM_REC_HASH_L_ERROR:
 		return "Recovery hash space lock error in RO firmware";
 	case VB2_RECOVERY_RW_UNSPECIFIED:
@@ -345,7 +347,7 @@ vb2_error_t VbDisplayDebugInfo(struct vb2_context *ctx)
 			       sd->fw_version_secdata, 16, 8);
 	used += StrnAppend(buf + used, " kernver=0x", DEBUG_INFO_SIZE - used);
 	used += Uint64ToString(buf + used, DEBUG_INFO_SIZE - used,
-			       sd->kernel_version_secdatak, 16, 8);
+			       sd->kernel_version_secdata, 16, 8);
 
 	/* Add GBB flags */
 	used += StrnAppend(buf + used,
diff --git a/firmware/lib20/api_kernel.c b/firmware/lib20/api_kernel.c
index 7737f260..88e2a0b8 100644
--- a/firmware/lib20/api_kernel.c
+++ b/firmware/lib20/api_kernel.c
@@ -26,18 +26,18 @@ vb2_error_t vb2api_kernel_phase1(struct vb2_context *ctx)
 	vb2_workbuf_from_ctx(ctx, &wb);
 
 	/* Initialize secure kernel data and read version */
-	rv = vb2_secdatak_init(ctx);
+	rv = vb2_secdata_kernel_init(ctx);
 	if (!rv) {
-		rv = vb2_secdatak_get(ctx, VB2_SECDATAK_VERSIONS,
-				      &sd->kernel_version_secdatak);
+		rv = vb2_secdata_kernel_get(ctx, VB2_SECDATA_KERNEL_VERSIONS,
+					    &sd->kernel_version_secdata);
 	}
 
 	if (rv) {
 		if (ctx->flags & VB2_CONTEXT_RECOVERY_MODE) {
 			/* Ignore failure to get kernel version in recovery */
-			sd->kernel_version_secdatak = 0;
+			sd->kernel_version_secdata = 0;
 		} else {
-			vb2_fail(ctx, VB2_RECOVERY_SECDATAK_INIT, rv);
+			vb2_fail(ctx, VB2_RECOVERY_SECDATA_KERNEL_INIT, rv);
 			return rv;
 		}
 	}
@@ -257,15 +257,15 @@ vb2_error_t vb2api_kernel_phase3(struct vb2_context *ctx)
 	 * kernel signature is valid, and we're not in recovery mode, and we're
 	 * allowed to, roll forward the version in secure storage.
 	 */
-	if (sd->kernel_version > sd->kernel_version_secdatak &&
+	if (sd->kernel_version > sd->kernel_version_secdata &&
 	    (sd->flags & VB2_SD_FLAG_KERNEL_SIGNED) &&
 	    !(ctx->flags & VB2_CONTEXT_RECOVERY_MODE) &&
 	    (ctx->flags & VB2_CONTEXT_ALLOW_KERNEL_ROLL_FORWARD)) {
-		rv = vb2_secdatak_set(ctx, VB2_SECDATAK_VERSIONS,
-				      sd->kernel_version);
+		rv = vb2_secdata_kernel_set(ctx, VB2_SECDATA_KERNEL_VERSIONS,
+					    sd->kernel_version);
 		if (rv)
 			return rv;
-		sd->kernel_version_secdatak = sd->kernel_version;
+		sd->kernel_version_secdata = sd->kernel_version;
 	}
 
 	return VB2_SUCCESS;
diff --git a/firmware/lib20/kernel.c b/firmware/lib20/kernel.c
index 10cf158f..a78920ff 100644
--- a/firmware/lib20/kernel.c
+++ b/firmware/lib20/kernel.c
@@ -192,7 +192,7 @@ vb2_error_t vb2_load_kernel_keyblock(struct vb2_context *ctx)
 			return VB2_ERROR_KERNEL_KEYBLOCK_VERSION_RANGE;
 	}
 	if (!rec_switch && kb->data_key.key_version <
-	    (sd->kernel_version_secdatak >> 16)) {
+	    (sd->kernel_version_secdata >> 16)) {
 		keyblock_is_valid = 0;
 		if (need_keyblock_valid)
 			return VB2_ERROR_KERNEL_KEYBLOCK_VERSION_ROLLBACK;
@@ -427,7 +427,7 @@ vb2_error_t vb2_load_kernel_preamble(struct vb2_context *ctx)
 	sd->kernel_version |= pre->kernel_version;
 
 	if (vb2_need_signed_kernel(ctx) &&
-	    sd->kernel_version < sd->kernel_version_secdatak)
+	    sd->kernel_version < sd->kernel_version_secdata)
 		return VB2_ERROR_KERNEL_PREAMBLE_VERSION_ROLLBACK;
 
 	/* Keep track of where we put the preamble */
diff --git a/firmware/lib20/misc.c b/firmware/lib20/misc.c
index 0d681799..e95732ef 100644
--- a/firmware/lib20/misc.c
+++ b/firmware/lib20/misc.c
@@ -286,7 +286,8 @@ vb2_error_t vb2_load_fw_preamble(struct vb2_context *ctx)
 	    sd->last_fw_result == VB2_FW_RESULT_SUCCESS) {
 
 		sd->fw_version_secdata = sd->fw_version;
-		rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version);
+		rv = vb2_secdata_firmware_set(
+			ctx, VB2_SECDATA_FIRMWARE_VERSIONS, sd->fw_version);
 		if (rv)
 			return rv;
 	}
diff --git a/firmware/lib21/misc.c b/firmware/lib21/misc.c
index 96071685..7c5def9b 100644
--- a/firmware/lib21/misc.c
+++ b/firmware/lib21/misc.c
@@ -232,7 +232,8 @@ vb2_error_t vb21_load_fw_preamble(struct vb2_context *ctx)
 	    sd->last_fw_result == VB2_FW_RESULT_SUCCESS) {
 
 		sd->fw_version_secdata = sd->fw_version;
-		rv = vb2_secdata_set(ctx, VB2_SECDATA_VERSIONS, sd->fw_version);
+		rv = vb2_secdata_firmware_set(
+			ctx, VB2_SECDATA_FIRMWARE_VERSIONS, sd->fw_version);
 		if (rv)
 			return rv;
 	}
author	Joel Kitching <kitching@google.com>	2019-08-27 17:13:55 +0800
committer	Commit Bot <commit-bot@chromium.org>	2019-08-31 20:49:16 +0000
commit	fbde3aa0af045021c2bfd315ad59f10aab2543fc (patch)
tree	abe4d0373a2a2b596f247a946aee5be51664ca0f /firmware
parent	f4a9bfb303b034639469f1f1fcf18d61357bd4fe (diff)
download	vboot-fbde3aa0af045021c2bfd315ad59f10aab2543fc.tar.gz